Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

* A resource vulnerability in the Block Storage (cinder) service was foundin its use of qemu-img. An unprivileged user could consume as much as 4 GBof RAM on the compute host by uploading a malicious image. This flaw couldlead possibly to host out-of-memory errors and negatively affect otherrunning tenant instances. (CVE-2015-5162)

4. Solution:

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to: